Mandatory Access Control

Mandatory Access Control (MAC) ensures that the enforcement of
organizational security policy does not rely on voluntary web
application user compliance. MAC secures information by assigning
sensitivity labels on information and comparing this to the level of
sensitivity a user is operating at. In general, MAC access control
mechanisms are more secure than DAC yet have trade offs in performance
and convenience to users. MAC mechanisms assign a security level to all
information, assign a security clearance to each user, and ensure that
all users only have access to that data for which they have a clearance.
MAC is usually appropriate for extremely secure systems including
multilevel secure military applications or mission critical data
applications. A MAC access control model often exhibits one or more of
the following attributes.

Only administrators, not data owners, make changes to a
resource's security label.

All data is assigned security level that reflects its
relative sensitivity, confidentiality, and protection
value.

All users can read from a lower classification than the
one they are granted (A "secret" user can read an
unclassified document).

All users can write to a higher classification (A
"secret" user can post information to a Top Secret
resource).

All users are given read/write access to objects only of
the same classification (a "secret" user can only
read/write to a secret document).

Access is authorized or restricted to objects based on
the time of day depending on the labeling on the
resource and the user's credentials (driven by policy).

Access is authorized or restricted to objects based on
the security characteristics of the HTTP client (e.g.
SSL bit length, version information, originating IP
address or domain, etc.)